On Thu, Feb 14, 2019 at 9:10 AM Michael Paquier <mich...@paquier.xyz> wrote:
> On Thu, Feb 14, 2019 at 06:34:07PM +1100, Haribabu Kommi wrote: > > we have an application that is used to create the data directory with > > Well, initdb would do that happily, so there is no actual any need to > do that to begin with. Anyway.. > > > owner access (0700), but with initdb group permissions option, it > > automatically > > converts to (0750) by the initdb. But pg_basebackup doesn't change it > when > > it tries to do a backup from a group access server. > > So that's basically the opposite of the case I was thinking about, > where you create a path for a base backup with permissions strictly > higher than 700, say 755, and the base backup path does not have > enough restrictions. And in your case the permissions are too > restrictive because of the application creating the folder itself but > they should be relaxed if group access is enabled. Actually, that's > something that we may want to do consistently across all branches. If > an application calls pg_basebackup after creating a path, they most > likely change the permissions anyway to allow the postmaster to > start. > I think it could be argued that neither initdb *or* pg_basebackup should change the permissions on an existing directory, because the admin may have done that intentionally. But when they do create the directory, they should follow the same patterns. -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>